Method and electronic device for identifying a pseudo wireless access point

ABSTRACT

A method for identifying a pseudo wireless access point, applied to an electronic device, includes: determining whether an abnormal file operation is detected, when the electronic device is connected to a wireless network through a wireless access point; determining the wireless access point to be a pseudo wireless access point, when the abnormal file operation is detected; and executing an early warning instruction. A system for identifying a pseudo wireless access point is also provided. The present disclosure can timely discover a phishing wireless access point and prevent loss of a user&#39;s privacy and property.

This application claims priority of Chinese Patent Application No.201610932098.3, entitled “method and system for identifying a pseudowireless access point,” filed on Oct. 31, 2016 in the China NationalIntellectual Property Administration (CNIPA), the entire contents ofwhich are incorporated by reference herein.

FIELD

The embodiments of the present disclosure relates to a technical fieldof wireless network, specifically a method and a system for identifyinga pseudo wireless access point.

BACKGROUND

Many electronic devices are now configured with wireless access pointoptions. Users can connect to a wireless access point hotspot to browsea network anytime and anywhere. However, people with ulterior motivescan establish a phishing wireless access point through wireless accesspoint configurations in an electronic device to induce the users toconnect, thereby stealing the users' personal privacy, such as acquiringphotos, contacts, information related to financial applications, and thelike, in the electronic device. Generally, the users are unable todetect it. The users can find that it has been connected to the phishingwireless access point only after money like online banking is illegallytransferred.

SUMMARY

Accordingly, it is necessary to provide a method and a system foridentifying a pseudo wireless access point, which can timely discover aphishing wireless access point and prevent loss of a user's privacy andproperty.

A method for identifying a pseudo wireless access point, which isapplied to an electronic device, the method includes:

When the electronic device is connected to a wireless network through awireless access point, detecting whether there is an abnormal operationin file operations;

When there is the abnormal operation in the file operations, determiningthe wireless access point to be a pseudo wireless access point; and

Executing an early warning instruction.

According to an optional embodiment of the present disclosure, the fileoperations include one or more of the following: operationscorresponding to a target file and a new file creation operation. Thetarget file includes a file related to user privacy or propertysecurity. The operation corresponding to the target file includes anyone or more of the following: a modification operation, a readoperation, and a writing operation on the target file.

According to the optional embodiment of the present disclosure, theabnormal operation includes one or more of the following:

An operation to modify permission setting data corresponding to thetarget file;

A read operation or a writing operation for reading or writing thetarget file, which has a file size larger than or equal to a presetvalue;

A new file creation operation for generating a new file that does notmeet preset naming rules.

According to the optional embodiment of the present disclosure, theearly warning instruction includes one or more of the following:

Logging out of logged-in accounts of all applications in the electronicdevice;

Freezing operations associated with the target file;

Disconnecting from the wireless access point;

Prompting a user that the wireless access point is the pseudo wirelessaccess point;

Prohibiting any operation from accessing a secure digital card in theelectronic device.

A system for identifying a pseudo wireless access point, the systemrunning in an electronic device, the system includes:

A detection module configured to detect whether there is an abnormaloperation in file operations, when the electronic device is connected toa wireless network through a wireless access point;

A determination module configured to determine the wireless access pointto be a pseudo wireless access point, when there is the abnormaloperation in the file operations; and

An early warning module configured to execute an early warninginstruction.

According to an optional embodiment of the present disclosure, the fileoperations include one or more of the following: operationscorresponding to a target file and a new file creation operation. Thetarget file includes a file related to user privacy or propertysecurity. The operation corresponding to the target file includes anyone or more of the following: a modification operation, a readoperation, and a writing operation on the target file.

According to the optional embodiment of the present disclosure, theabnormal operation includes one or more of the following:

An operation to modify permission setting data corresponding to thetarget file;

A read operation or a writing operation for reading or writing thetarget file, which has a size larger than or equal to a preset value;

A new file creation operation for generating a new file that does notmeet preset naming rules.

According to the optional embodiment of the present disclosure, theearly warning instruction includes one or more of the following:

Logging out of logged-in accounts of all applications in the electronicdevice;

Freezing operations associated with the target file;

Disconnecting from the wireless access point;

Prompting a user that the wireless access point is the pseudo wirelessaccess point;

Prohibiting any operation from accessing a secure digital card in theelectronic device.

It can be seen from the above technical solutions that the presentdisclosure determines whether the file operations include the abnormaloperation. When the file operations include the abnormal operation, itis determined that the wireless access point accessed by the electronicdevice is a pseudo wireless access point, and a preset early warninginstruction is executed. Therefore, the present disclosure can timelydiscover the phishing wireless access point and prevent loss of theuser's privacy and property.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart diagram of a method for identifying a pseudowireless access point in an optional embodiment of the presentdisclosure;

FIG. 2 is a structural diagram of an electronic device according to anoptional embodiment of a method for identifying a pseudo wireless accesspoint;

FIG. 3 is a functional block diagram of a system for identifying apseudo wireless access point in an embodiment of the present disclosure.

IDENTIFICATION OF ELEMENTS An electronic device 1 A storage device 12Processing equipment 13 A system for identifying a pseudo 11 wirelessaccess point A detection module 100 A determination module 101 An earlywarning module 102

DETAILED DESCRIPTION

In order to make objects, technical solutions and advantages of apresent disclosure more comprehensible, the present disclosure isdescribed in detail below with references to drawings and specificembodiments.

As shown in FIG. 1, FIG. 1 is a flowchart diagram of a method foridentifying a pseudo wireless access point in an optional embodiment ofthe present disclosure. According to different requirements, a sequenceof steps in the flowchart diagram can be changed, and some steps can beomitted.

Optionally, the method for identifying a pseudo wireless access point inthe embodiment of the present disclosure can be applied to a pluralityof electronic devices. The electronic devices are devices capable ofautomatically performing numerical calculation and/or informationprocessing according to an instruction configured or stored in advance,and hardware of the electronic devices can include but is not limited toa microprocessor, an Application Specific Integrated Circuit (ASIC), aField-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP),and an embedded device, etc.

The electronic devices can also be any electronic product that caninteract with users, such as a personal computer, a tablet computer, asmart phone, a Personal Digital Assistant (PDA), a game machine, anInteractive Network Television. (IPTV), and a smart wearable devices,etc.

Step 10, when an electronic device is connected to a wireless networkthrough a wireless access point, the electronic device determineswhether an abnormal file operation is detected.

In one embodiment of the present disclosure, the electronic deviceincludes various types of files, such as pictures, videos, installationfiles of various applications, various configuration files, and thelike. The wireless access point can include, but is not limited to, aWi-Fi™ access point.

In one embodiment of the present disclosure, the file operations includeone or more of the following: operations corresponding to a target fileand a new file creation operation. The target file includes filesrelated to user privacy or property security. The target file includes,but is not limited to, pictures, videos, cookie files, applicationconfiguration files, and the like. The target file can be one or more.The operation corresponding to the target file includes any one or moreof the following: a modification operation, a read operation, and awriting operation on the target file, and the like.

In one embodiment of the present disclosure, the electronic devicetraverses file operations according to a preset time interval todetermine whether an abnormal file operation is detected.

In one embodiment of the present disclosure, it can be determinedwhether an abnormal file operation is detected by determining whether amodification operation, a read operation or a writing operation on atarget file is abnormal, or whether a new file generated by a new filecreation operation is abnormal.

Step 11, when the abnormal file operation is detected, the electronicdevice determines the wireless access point to be a pseudo wirelessaccess point.

In one embodiment of the present disclosure, the abnormal operationincludes one or more of the following:

(1) An operation to modify permission setting data corresponding to thetarget file.

In one embodiment of the present disclosure, for example, an operationto modify permission setting data corresponding to the target file by amalicious program. The malicious program generally refers to a programwritten with an attack intention. The malicious program mainly includestrapdoors, logic bombs, Trojan horses, worms, bacteria, viruses, and thelike. The permission setting data includes access rights, readpermissions, editing permissions, modifying permissions, and the like.

(2) A read operation or a writing operation for reading or writing thetarget file, which has a file size larger than or equal to a presetvalue.

In one embodiment of the present disclosure, when the size of the targetfile read or written is larger than or equal to the preset value, it isindicated that a plurality of target files are being read or written.The user's privacy and property can be threatened.

(3) A new file creation operation for generating a new file, which doesnot meet preset naming rules. The preset naming rules are configuredaccording to user habits and/or according to system settings of theelectronic device.

Therefore, when the electronic device detects that the file operationshave one or more of above operations, the electronic device determinesthat the file operations includes one or more abnormal operation.

Step 12, the electronic device executes an early warning instruction.

In one embodiment of the present disclosure, the electronic deviceexecutes an early warning instruction, which can include one or more ofthe following:

(1) Logging out of logged-in accounts of all applications in theelectronic device.

(2) Freezing operations associated with the target file. For example,the read operation or the writing operation, and a copy operation, andthe like.

In one embodiment of the present disclosure, after freezing theoperations associated with the target file, when receiving an unfreezinginstruction for the operations associated with the target file from theuser, the operations associated with the target file can be unfrozen.

(3) Disconnecting from the wireless access point.

In one embodiment of the present disclosure, the electronic device firstlogs out of the logged-in accounts of all the applications in theelectronic device, and then the electronic device disconnects from thewireless access point. If the electronic device firstly disconnects fromthe wireless access point, and then the electronic device logs out ofthe logged-in accounts of all the applications in the electronic device,cached network data cannot be emptied, and it can cause the maliciousprogram to continue to manipulate the electronic device.

(4) Prompting a user that the wireless access point is the pseudowireless access point.

In one embodiment of the present disclosure, the wireless access pointcan be prompted to be the pseudo wireless access point by means ofvoice, a vibration, an interface, and the like.

(5) Prohibiting any operation from accessing a Secure Digital (SD) cardin the electronic device.

The present disclosure determines whether the file operation includesthe abnormal operation. When the file operation includes the abnormaloperation, the wireless access point accessed by the electronic deviceis determined to be the pseudo wireless access point, and a preset earlywarning instruction is executed. Therefore, the present disclosure cantimely discover the phishing wireless access point and prevent loss ofthe user's privacy and property.

As shown in FIG. 2, FIG. 2 is a structural diagram of an electronicdevice according to an optional embodiment of a method for identifying apseudo wireless access point. An electronic device 1 includes a storagedevice 12 and a processing device 13.

The electronic device 1 further includes, but is not limited to anyelectronic product that can interact with a user through a keyboard, amouse, a remote controller, a touch panel, or a voice control device.For example, a personal computer, a tablet computer, a smart phone, aPersonal Digital Assistant (PDA), a game console, an Internet ProtocolTelevision (IPTV), a smart wearable devices, and the like. The networkto which the electronic device 1 is located includes, but is not limitedto, the Internet, a wide area network, a metropolitan area network, alocal area network, a virtual private network (VPN), and the like.

The storage device 12 is configured to store a program of a method foridentifying a pseudo wireless access point and various data. The storagedevice 12 realizes high speed and automatic access of the program ordata during operations on the electronic device 1. The storage device 12can be an external storage device and/or an internal storage device ofthe electronic device 1. Moreover, the storage device 12 can be acircuit having a storage function without a physical form in anintegrated circuit, such as a Random-Access Memory (RAM), a First InFirst Out (FIFO), or the like. Alternatively, the storage device 12 canalso be a storage device having the physical form, such as a memorystick, a Trans-flash Card (TF card), or the like.

The processing device 13 is also called as a Central Processing Unit(CPU). The processing device 13 can be a very large-scale integratedcircuit, and the processing device 13 is a computing core and a controlunit of the electronic device 1. The processing device 13 can execute anoperating system of the electronic device 1 and various installedapplications, program codes, and the like, such as a system 11 foridentifying a pseudo wireless access point.

As shown in FIG. 3, FIG. 3 is a functional block diagram of a system foridentifying a pseudo wireless access point in an embodiment of thepresent disclosure. The system for identifying a pseudo wireless accesspoint 11 includes a detection module 100, a determination module 101,and an early warning module 102. The modules in the present disclosurerefer to a series of computer program segments that can be executed bythe processing device 13 and that are capable of performing fixedfunctions. The modules are stored in the storage device 12. In anembodiment, functions of respective modules can be described in detailin subsequent embodiments.

When an electronic device 1 is connected to a wireless network through awireless access point, the detection module 100 determines whether anabnormal file operation is detected.

In one embodiment of the present disclosure, the electronic device 1includes various types of files, such as pictures, videos, installationfiles of various applications, various configuration files, and thelike. The wireless access point includes, but is not limited to, aWi-Fi™ access point.

In one embodiment of the present disclosure, the file operations includeone or more of the following: operations corresponding to a target fileand a new file creation operation. The target file includes filesrelated to user privacy or property security. The target file includes,but is not limited to, pictures, videos, cookies files, applicationconfiguration files, and the like. The target file can be one or more.The operation corresponding to the target file includes any one or moreof the following: a modification operation, a read operation, and awriting operation on the target file, and the like.

In one embodiment of the present disclosure, the detection module 100traverses file operations according to a preset time interval todetermine whether an abnormal file operation is detected.

In one embodiment of the present disclosure, the detection module 100can determine whether an abnormal file operation is detected in a filemanagement folder by determining whether a modification operation, aread operation or a writing operation on a target file is abnormal, orwhether a new file generated by a new file creation operation isabnormal.

When the abnormal file operation is detected, the determination module101 determines the wireless access point to be a pseudo wireless accesspoint.

In one embodiment of the present disclosure, the abnormal operationincludes one or more of the following:

(1) An operation to modify permission setting data corresponding to thetarget file.

In one embodiment of the present disclosure, for example, an operationto modify permission setting data corresponding to the target file by amalicious program. The malicious program generally refers to a programwritten with an attack intention. The malicious program mainly includestrapdoors, logic bombs, Trojan horses, worms, bacteria, viruses, and thelike. The permission setting data includes access rights, readpermissions, editing permissions, modifying permissions, and the like.

(2) A read operation or a writing operation for reading or writing thetarget file, which has a file size larger than or equal to a presetvalue.

In one embodiment of the present disclosure, when the size of the targetfile read or written is larger than or equal to the preset value, it isindicated that a plurality of target files are being read or written.The user's privacy and property can be threatened.

(3) A new file creation operation for generating a new file, which doesnot meet preset naming rules. The preset naming rules are configuredaccording to user habits and/or according to system settings of theelectronic device.

Therefore, when the determination module 101 detects that the fileoperations have one or more of above operations, the determinationmodule 101 determines that the file operations includes one or moreabnormal operation.

The early warning module 102 executes an early warning instruction.

In one embodiment of the present disclosure, the early warning module102 executes an early warning instruction, includes one or more of thefollowing:

(1) Logging out of logged-in accounts of all applications in theelectronic device.

(2) Freezing operations associated with the target file. For example,the read operation or the writing operation, and a copy operation, andthe like.

In one embodiment of the present disclosure, after freezing theoperations associated with the target file, when receiving an unfreezinginstruction for the operations associated with the target file from theuser, the operations associated with the target file can be unfrozen.

(3) Disconnecting from the wireless access point.

In one embodiment of the present disclosure, the electronic device firstlogs out of the logged-in accounts of all the applications in theelectronic device, and then the electronic device disconnects from thewireless access point. If the electronic device firstly disconnects fromthe wireless access point, and then the electronic device logs out ofthe logged-in accounts of all the applications in the electronic device,cached network data cannot be emptied, and it can cause the maliciousprogram to continue to manipulate the electronic device.

(4) Prompting a user that the wireless access point is the pseudowireless access point.

In one embodiment of the present disclosure, the wireless access pointcan be prompted to be the pseudo wireless access point by means ofvoice, a vibration, an interface, and the like.

(5) Prohibiting any operation from accessing a Secure Digital (SD) cardin the electronic device.

The present disclosure determines whether the file operation includesthe abnormal operation. When the file operation includes the abnormaloperation, the wireless access point accessed by the electronic deviceis determined to be the pseudo wireless access point, and a preset earlywarning instruction is executed. Therefore, the present disclosure cantimely discover the phishing wireless access point and prevent loss ofthe user's privacy and property.

The above described integrated units implemented in a form of softwarefunction modules can be stored in a computer readable storage medium.The software function modules as described above are stored in a storagemedium, and the software function modules include instructions forcausing a computer device (e.g., the computer device can be a personalcomputer, a server, or a network device, etc.) or a processor to performpartial steps of methods in various embodiments of the presentdisclosure.

Combined with FIG. 1, the storage device 12 in the electronic device 1stores a plurality of instructions to implement a method for identifyinga pseudo wireless access point, and the processing device 13 can executethe plurality of instructions to implement: when an electronic device isconnected to a wireless network through a wireless access point,determining whether an abnormal file operation is detected; when theabnormal file operation is detected, determining the wireless accesspoint to be a pseudo wireless access point; and executing an earlywarning instruction.

According to an optional embodiment of the present disclosure, the fileoperations include one or more of the following: operationscorresponding to a target file and a new file creation operation. Thetarget file includes a file related to user privacy or propertysecurity. The operation corresponding to the target file includes anyone or more of the following: a modification operation, a readoperation, and a writing operation on the target file.

According to the optional embodiment of the present disclosure, theabnormal operation includes one or more of the following:

An operation to modify permission setting data corresponding to thetarget file;

A read operation or a writing operation for reading or writing thetarget file, which has a file size larger than or equal to a presetvalue;

A new file creation operation for generating a new file that does notmeet preset naming rules.

According to the optional embodiment of the present disclosure, theearly warning instruction includes one or more of the following:

Logging out of logged-in accounts of all applications in the electronicdevice;

Freezing operations associated with the target file;

Disconnecting from the wireless access point;

Prompting a user that the wireless access point is the pseudo wirelessaccess point;

Prohibiting any operation from accessing a secure digital card in theelectronic device.

Specifically, a specific implementation method of the processing device13 of above instructions can refer to descriptions of relevant steps inthe corresponding embodiment in FIG. 1, and details are not repeatedherein. In some embodiments provided by the present disclosure, itshould be understood that a disclosed system, a device, and a method canbe implemented in other manners. For example, device embodimentsdescribed above are illustrative. For example, a division of the modulesis only a logical function division, and an actual implementation can bein another division manner.

The modules described as separate components can or cannot be physicallyseparated, and components displayed as modules can or cannot be physicalunits. That is, the modules and the components can be located in oneplace, or can be distributed to a plurality of network units. Some orall of the modules can be selected according to actual requirements toachieve purposes of solutions of the embodiments.

In addition, each functional module in each embodiment of the presentdisclosure can be integrated into one processing unit, or each unit canexist physically separately, or two or more units can be integrated intoone unit. An integrated unit above can be implemented in the form ofhardware or in a form of hardware with software function modules.

It is apparent to those skilled in a technical field that the presentdisclosure is not limited to details of the above described exemplaryembodiments. The present disclosure can be embodied in other specificforms without departing from spirits or essential characteristics of thepresent disclosure. Therefore, from any point of view, presentembodiments are considered as illustrative and not restrictive, andscope of the present disclosure is limited by appended claims insteadbut not stated above. All changes in meanings and scopes of equivalentelements are included in the present disclosure. Any accompanyingdrawings in the claims should not be construed as limiting the claims.In addition, it is to be understood that the word ‘comprising’ does notexclude other elements or steps, singular or plural. A plurality ofunits or devices recited in system claims can also be implemented by aunit or a device by software or hardware. The word ‘second’ is used todenote a name instead of any particular order.

It should be noted that the above embodiments are only for explainingthe technical solutions of the present disclosure, and the aboveembodiments are not intended to be limiting. Although the presentdisclosure has been described in detail with reference to preferredembodiments, average technician in the field should understand thatmodifications or equivalent substitutions are departing from the spiritsand the scopes of the technical solution of the present disclosure.

1. A method for identifying a pseudo wireless access point, applied toan electronic device, comprising: determining whether an abnormal fileoperation is detected, when the electronic device is connected to awireless network through a wireless access point; determining thewireless access point to be a pseudo wireless access point, when theabnormal file operation is detected; and executing an early warninginstruction.
 2. The method for identifying a pseudo wireless accesspoint of claim 1, wherein the file operations comprise one or more ofthe following: operations corresponding to a target file and a new filecreation operation; and the target file comprises a file related to userprivacy or property security, the operation corresponding to the targetfile comprises any one or more of the following: a modificationoperation, a read operation, and a writing operation on the target file.3. The method for identifying a pseudo wireless access point of claim 2,wherein the abnormal operation comprises one or more of the following:an operation to modify permission setting data corresponding to thetarget file; a read operation or a writing operation for reading orwriting the target file, which has a file size larger than or equal to apreset value; a new file creation operation for generating a new filethat does not meet preset naming rules.
 4. The method for identifying apseudo wireless access point of claim 1, wherein the early warninginstruction comprises one or more of the following: logging out oflogged-in accounts of all applications in the electronic device;freezing operations associated with the target file; disconnecting fromthe wireless access point; prompting a user that the wireless accesspoint is the pseudo wireless access point; prohibiting any operationfrom accessing a secure digital card in the electronic device. 5-8.(canceled)
 9. The method for identifying a pseudo wireless access pointof claim 1, comprising: traversing the file operations according to apreset time interval to determine whether the abnormal file operation isdetected.
 10. The method for identifying a pseudo wireless access pointof claim 3, wherein the permission setting data comprises: accessrights, read permissions, editing permissions, modifying permissions.11. The method for identifying a pseudo wireless access point of claim4, comprising: disconnecting from the wireless access point afterlogging out of the logged-in accounts of all the applications in theelectronic device.
 12. An electronic device, comprising: at least oneprocessor; and a storage device storing a plurality of instructions,which when executed by the processor, causes the at least one processorto: determine whether an abnormal file operation is detected, when theelectronic device is connected to a wireless network through a wirelessaccess point; determine the wireless access point to be a pseudowireless access point, when the abnormal file operation is detected; andexecute an early warning instruction.
 13. The electronic device of claim12, wherein the file operations comprise one or more of the following:operations corresponding to a target file and a new file creationoperation; and the target file comprises a file related to user privacyor property security, the operation corresponding to the target filecomprises any one or more of the following: a modification operation, aread operation, and a writing operation on the target file.
 14. Theelectronic device of claim 13, wherein the abnormal operation comprisesone or more of the following: an operation to modify permission settingdata corresponding to the target file; a read operation or a writingoperation for reading or writing the target file, which has a file sizelarger than or equal to a preset value; a new file creation operationfor generating a new file that does not meet preset naming rules. 15.The electronic device of claim 12, wherein the early warning instructioncomprises one or more of the following: logging out of logged-inaccounts of all applications in the electronic device; freezingoperations associated with the target file; disconnecting from thewireless access point; prompting a user that the wireless access pointis the pseudo wireless access point; prohibiting any operation fromaccessing a secure digital card in the electronic device.
 16. Theelectronic device of claim 12, wherein the at least one processor isfurther caused to: traverse the file operations according to a presettime interval to determine whether the abnormal file operation isdetected.
 17. The electronic device of claim 15, wherein the permissionsetting data comprises: access rights, read permissions, editingpermissions, modifying permissions.
 18. The electronic device of claim14, wherein the at least one processor is further caused to: disconnectfrom the wireless access point after logging out of the logged-inaccounts of all the applications in the electronic device.
 19. Anon-transitory storage medium having stored thereon instructions that,when executed by a processor of an electronic device, causes theprocessor of the electronic device to perform a method for identifying apseudo wireless access point, the method comprising: determining whetheran abnormal file operation is detected, when the electronic device isconnected to a wireless network through a wireless access point;determining the wireless access point to be a pseudo wireless accesspoint, when the abnormal file operation is detected; and executing anearly warning instruction.
 20. The non-transitory storage mediumaccording to claim 19, wherein the file operations comprise one or moreof the following: operations corresponding to a target file and a newfile creation operation; and the target file comprises a file related touser privacy or property security, the operation corresponding to thetarget file comprises any one or more of the following: a modificationoperation, a read operation, and a writing operation on the target file.21. The non-transitory storage medium according to claim 20, wherein theabnormal operation comprises one or more of the following: an operationto modify permission setting data corresponding to the target file; aread operation or a writing operation for reading or writing the targetfile, which has a file size larger than or equal to a preset value; anew file creation operation for generating a new file that does not meetpreset naming rules.
 22. The non-transitory storage medium according toclaim 19, wherein the early warning instruction comprises one or more ofthe following: logging out of logged-in accounts of all applications inthe electronic device; freezing operations associated with the targetfile; disconnecting from the wireless access point; prompting a userthat the wireless access point is the pseudo wireless access point;prohibiting any operation from accessing a secure digital card in theelectronic device.
 23. The non-transitory storage medium according toclaim 19, wherein the method further comprises: traversing the fileoperations according to a preset time interval to determine whether theabnormal file operation is detected.
 24. The non-transitory storagemedium according to claim 20, wherein the permission setting datacomprises: access rights, read permissions, editing permissions,modifying permissions.